Cryptoverse: Blockchain Bridges Fall in Troubled Waters

Representations of the cryptocurrencies Bitcoin, Ethereum and Dash are submerged in water in this illustration taken on May 23, 2022. REUTERS/Dado Ruvic/Illustration


Aug 9 (Reuters) – Another day, another hack and another blockchain bridge burned.

When thieves stole an estimated $190 million from US crypto firm Nomad last week, it was the seventh hack of 2022 to target an increasingly important cog in the crypto machine: blockchain “bridges”, chains of code that help to move cryptocurrencies between different applications.

Some $1.2 billion worth of crypto has been stolen from bridges by hackers so far this year, data from London-based blockchain analytics firm Elliptic shows, already more than double last year's total.


“This is a war that the cybersecurity company or the project cannot win,” said Ronghui Hu, a computer science professor at Columbia University in New York and co-founder of cybersecurity company CertiK.

“We have to protect so many projects. For them (hackers) when they look at a project and there are no bugs, they can just move on to the next one, until they find a weak spot.”

Today, most digital tokens run on their own unique blockchain, essentially a public digital ledger that records crypto transactions. That risks projects using these coins becoming siloed, reducing their prospects for widespread use.

Blockchain bridges aim to break down these walls. Their backers say they will play a critical role in “Web3,” the much-hyped vision of a digital future where cryptocurrencies are enmeshed in online life and commerce.

However, bridges can be the weakest link.

The Nomad hack was the eighth largest crypto heist on record. Other bridge heists this year include a $615 million heist at Ronin, used in a popular online game, and a $320 million heist at Wormhole, used in so-called decentralized finance apps.

“Blockchain bridges are the most fertile ground for new vulnerabilities,” said Steve Bassi, co-founder and CEO of malware detector PolySwarm.

ACHILLES' HEEL

Nomad and other companies that make blockchain bridging software have attracted support.

Just five days before it was hacked, San Francisco-based Nomad said it had raised $22.4 million from investors, including major exchange Coinbase Global (COIN.O). Nomad CEO and co-founder Pranay Mohan called his security model the “gold standard.”

Nomad did not respond to requests for comment.

It has said it is working with law enforcement agencies and a blockchain analytics firm to track down the stolen funds. Late last week, it announced a reward of up to 10% for the return of hacked bridge funds. It said on Saturday that it had recovered more than $32 million of the hacked funds so far.

“The most important thing in crypto is the community, and our number one goal is to restore user funds,” Mohan said. “We will treat any party that returns 90% or more of the exploited funds as white hats. We will not prosecute white hats,” he said, referring to so-called ethical hackers.

Several blockchain and cybersecurity experts told Reuters that the complexity of the bridges meant they could represent an Achilles’ heel for projects and applications that used them.

“One of the reasons hackers have been targeting these cross-chain bridges lately is because of the immense technical sophistication that goes into creating these types of services,” said Ganesh Swami, CEO of on-chain data company Covalent in Vancouver, which had some cryptocurrencies stored in Nomad's bridge when it was hacked.

For example, some bridges create versions of cryptocurrencies that make them compatible with different blockchains while keeping the original coins in reserve. Others rely on smart contracts, complex agreements that execute deals automatically.

The code involved in all of these may contain bugs or other flaws, which could leave the door ajar for hackers.

BUG REWARDS

So what is the best way to tackle the problem?

Some experts say smart contract audits could help protect against cyber theft, as well as “bug bounty” programs that incentivize open source reviews of smart contract code.

Others are calling for less concentration of bridge control by individual companies, something they say could bolster the code’s resiliency and transparency.

“Cross-chain bridges are an attractive target for hackers because they often leverage a centralized infrastructure, most of which locks assets,” said Victor Young, founder and chief architect of US blockchain firm Analog.


Reporting by Tom Wilson in London and Medha Singh in Bangalore; Edited by Pravin Char
